Penetration testing

Knowing your strengths and weaknesses is important. However, discovering your weaknesses is one of the most difficult tasks. And that’s precisely why we’re here – searching for weak spots is what we love to do and we do it well.

We will help you find weaknesses in your applications, infrastructure, and various processes, and will then document them and propose countermeasures.

Relevant application

If you have a list of your assets, a vulnerability scan implemented, and a resolution process in place, then it’s time to determine whether it is possible to accomplish an objective such as stealing customer data, accessing a control panel, or modifying payment information.

Our procedure

To begin, we will establish 3-5 objectives. Testing at the network level is carried out according to NIST 800-115. For the testing of web applications, we employ the OWASP method. We will assess our findings with the help of the Common Vulnerability Scoring System (CVSS).

Practically every system utilizes or provides programmers with an interface. We will determine how your API reacts in this respect. Sometimes it is unnecessary to focus on an application when the entire database can be downloaded with a single API query.

We will analyze your camera and alarm systems and the way in which incidents are recorded and evaluated.

In the pursuit of collecting all relevant information, we will even go through your trash.

Do you have an entrance system which uses contactless cards? We’re even prepared for that. We will check whether it is possible to circumvent it, copy a card, or even to slip in completely unnoticed.

We will examine how the system deals with sensitive data, such as fingerprints or palms, and whether it’s possible to circumvent it and enter without authorization. As a bonus, you will receive materials for dealing with GDPR.

And what about the camera system? Is it possible to outsmart it or use it as a point of entry into your network? We will check what state it’s in, whether it’s possible to deactivate it, and whether it has any blind spots.

Infrastructure as code, cloudification, service software, containers, and microservices speed up development. However, they also create new problems. We will test everything connected to the cloud environment, from access rights, to freely available data, to logical errors in the design.

Result

Reports from penetration tests are customarily in the form of “Yes, we accomplished the specified objective,” or “No, we didn’t accomplish the specified objective.” We will also indicate all of the findings we came across along the way.

We will not provide you with a complete list of vulnerabilities or prioritized findings – this is what the vulnerability scan is for.

We also don’t like reading pages and pages of a boring document. That’s why we write our reports like a piece of literature that reads like a thriller.
Of course, it will include all the things that a good report should have – an assessment, calculations, competencies, and impact factor.
Moreover, we are not merely concerned with what isn’t working. So when an attack is avoided, we will document it and give praise where due.